A web application firewall inspects requests and filters those that are deemed malicious. In comparison, Client Reputation focuses on the source of the request, and determines the extent to which that source has sent malicious requests in the past. Register today for this upcoming webcast to find out more!

SC Magazine's SC Congress returns to London on 3 March, 2015 with an all new programme! Here is your chance to catch a full day of hard-hitting information security news and solutions from leaders in their industries that you can implement for your company.

As employees increasingly have mobile access to the corporate network this webcast will discuss the steps organisations can take to minimise risk among their workforce and detail what a mobile device management policy should look like and how to enforce it. Register today for this SC editorial webcast!

Android mobiles are increasingly being targeted by Potentially Unwanted Programs (PUPs), often offered through legitimate channels, but which mislead people and then bombard the user with aggressive advertising and in-app purchases, as well as taking unnecessary amounts of personal data. As a result they also impact phone performance, but they are not officially designated malware as the user has initially requested their installation.

The leading offender is adware, which aggressively and persistently presents advertisements and exploits the OS or other software to force the device to advertise in a questionable manner. Secondly, there are more generalised PUPS, a broader category which includes apps which seek suspicious permissions beyond their advertised function, impact device performance, use vulnerable code or operate dubious in-app purchases.

Marcin Kleczynski, CEO at Malwarebytes told SCMagazineUK.com in an email, “Not only are these pieces of software annoying and needlessly expensive, but they can end up seeing personal data put to dubious use. Aggressive advertising and sneaky pay-to-play schemes in particular are on the increase. In the beginning there were few offenders, but there are now a number of SDKs on the market which make it easy to create multiple variants, as well as bundle these together in a single app.”

Armando Orozco, senior malware intelligence analyst at Malwarebytes explained that these apps are asking for permissions which are way beyond what is actually required by the host app itself, commenting: “Typical examples of the types of privileges they seek are things like access to a person's contact book, the ability to write history and bookmarks, the ability to create shortcuts without explicit permission and even being able to send SMS.”

As these types of apps aim to drive revenues games are a very popular area for these types of SDK to be found, but they can be in any category where ads can be specifically targeted, so anything from productivity to adult themed apps are exploited. Orozco adds: “Often there are apps with three or more of these SDKs bundled, not just adding to the bloat but potentially exposing the user to vulnerabilities that lay in the SDKs code. Malware could potentially exploit that security hole to access the user's device.”

In response, today Malwarebytes has launched a new version of its Anti- Malware Mobile which has added PUP protection and will give people an option to automatically detect and block these dubious apps. Given the nature of such apps, the classification of an app as a PUP will initially be made by a human researcher. The software will still allow scheduling of updates over WiFi, social sharing of the app with friends, features French translation and allows users to send feedback and request new features.

Google is reported to have been working to address this situation by altering its developer policy so that developers are required to announce if their adware uses push notifications or makes changes to the system, by requiring a EULA to be presented and offering an opt out. “This has made it a little more difficult to operate and has removed some overly aggressive apps, but it has to tread a very fine line,” says Orozco.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.